You're reading from Cloud Security Handbook Effectively secure cloud environments using AWS, Azure, and GCP

Product type Paperback

Published in Apr 2025

Publisher Packt

ISBN-13 9781836200017

Length 482 pages

Edition 2nd Edition

Concepts

Cloud Security

Author (1):

Eyal Estrin

View More author details

Table of Contents (24) Chapters

Preface

1. Part 1:Securing Infrastructure Cloud Services

2. Chapter 1: Introduction to Cloud Security FREE CHAPTER

3. Chapter 2: Securing Compute Services – Virtual Machines

4. Chapter 3: Securing Compute Services – Containers and Kubernetes

5. Chapter 4: Securing Compute Services – Serverless and FaaS

6. Chapter 5: Securing Storage Services

7. Chapter 6: Securing Networking Services – Part 1

8. Chapter 7: Securing Networking Services – Part 2

9. Chapter 8: Securing Generative AI Services

10. Part 2: Deep Dive into IAM, Auditing, and Encryption

11. Chapter 9: Effective Strategies for Implementing IAM Solutions

12. Chapter 10: Auditing and Threat Management in Cloud Environments

13. Chapter 11: Applying Encryption in Cloud Services

14. Part 3: Threat and Vendor Management

15. Chapter 12: Understanding Common Security Threats to Cloud Services

16. Chapter 13: Engaging with Cloud Providers

17. Part 4: Advanced Use of Cloud Services

18. Chapter 14: Managing Hybrid Clouds

19. Chapter 15: Managing Multi-Cloud Environments

20. Chapter 16: Implementing DevSecOps

21. Chapter 17: Security in Large-Scale Environments

22. Index

Why subscribe?

23. Other Books You May Enjoy

Securing block storage

Block storage is a storage scheme such as the on-premises storage area network (SAN).

It allows you to mount a volume (disk), format it to a common filesystem (such as NTFS for Windows or Ext4 for Linux), and store various files, databases, or entire operating systems.

In the following diagram, we can see how a VM is mounting block storage directly from within the operating system:

Figure 5.2 – Attaching block storage

General best practices for securing block storage

Regardless of the cloud provider you are using when using block storage, you should follow these best practices:

Use IAM services to control who can attach, detach, or create a snapshot for block storage volumes to minimize the risk of data exfiltration
Enforce encryption at rest on all block storage volumes and snapshots during creation to maintain data confidentiality
Use ACLs to define who can access specific volumes and what actions...